These are chat archives for MindLeaps/tracker

27th
Nov 2016
Tomislav Pesut
@tomca32
Nov 27 2016 02:46
Oh that's too bad
So the build fails on Travis?
John Barker
@j16r
Nov 27 2016 16:20
I upgraded it to Trusty
which is 1404
DO is on xenial xenophobe or something, 1604
John Barker
@j16r
Nov 27 2016 16:29
travis doesn't have a roadmap for moving to 1604, might be worth investigating an alternative
Tomislav Pesut
@tomca32
Nov 27 2016 16:32
oh
do you want me to change the domain so it points to the new staging?
John Barker
@j16r
Nov 27 2016 16:39
we could do that
I wonder how to make it less disruptive though
Tomislav Pesut
@tomca32
Nov 27 2016 16:40
does it matter for staging env?
John Barker
@j16r
Nov 27 2016 16:42
more thining of production
is there a way to do letsencrypt without the domain?
Tomislav Pesut
@tomca32
Nov 27 2016 16:43
I wouldn't think so...certificate belongs to the domain
John Barker
@j16r
Nov 27 2016 16:48
I mean without serving something from the domain ;)
hmm we could migrate the old certs over, but that feels risky
Tomislav Pesut
@tomca32
Nov 27 2016 16:53
there are 3 possible validations methods...serving something over port 80, over port 443, and having a DNS txt record
John Barker
@j16r
Nov 27 2016 16:55
hmm, how does letsencrypt suggest handling multiple servers?
i.e. behind a round robin dns record or load balancer?
basically, I feel like migrating production servers will be frequent enough that we may want to consider reducing downtime, but maybe that's something we don't have to solve right now
perhaps I need to think "bootstrapped volunteer project" and less "enterprise web site with 10,000 rq/s"
Tomislav Pesut
@tomca32
Nov 27 2016 16:57
your concerns are definitely valid
while we are not nearly at that scale, I'm glad you're pointing that stuff out
John Barker
@j16r
Nov 27 2016 16:58
tell ya what, let's just switch domains over
I'll create a JIRA ticket and we'll solve later
Tomislav Pesut
@tomca32
Nov 27 2016 16:59
fair enough
so staging goes to.... 198.199.71.136
John Barker
@j16r
Nov 27 2016 17:00
yes
Tomislav Pesut
@tomca32
Nov 27 2016 17:00
change made....will take some time to propagate
Also I gave your mindleaps google account permission to manage the domain
if by any chance you want to do something and I'm not online or something
you probably got an email about that
John Barker
@j16r
Nov 27 2016 17:03
TRACK-85
hmm, think it has propagated for me already
Tomislav Pesut
@tomca32
Nov 27 2016 17:04
if you use Google DNS then I'm not surprised
John Barker
@j16r
Nov 27 2016 17:04
getting connection refused ;)
nah I use a server in the netherlands over https
dnscrypt
ah dang, we have a chicken and egg problem
Tomislav Pesut
@tomca32
Nov 27 2016 17:05
oh yeah
yeah
that sounds really familiar again
John Barker
@j16r
Nov 27 2016 17:06
nginx can't run without cert, cert can't be obtained without nginx running ;)
Tomislav Pesut
@tomca32
Nov 27 2016 17:06
something like you can't start nginx because it fails to find cert
and yeah
John Barker
@j16r
Nov 27 2016 17:06
hehe
Tomislav Pesut
@tomca32
Nov 27 2016 17:06
I remember that and didn't really think of a good solution
just did it manually the first time when I did that but we should find a way to automate that process
John Barker
@j16r
Nov 27 2016 17:07
simple thing would be to have an initial nginx config, that gets updated when ssl cert is installed
Tomislav Pesut
@tomca32
Nov 27 2016 17:07
yeah, it's a bit awkward that it gets run on every deploy when it's really only useful for the first
but since we're not optimizing deploy speed, that's fine
John Barker
@j16r
Nov 27 2016 17:11
that can usually be fixed quite easily
the shell command has the creates option which you can point to the cert
  args:
    creates: "/etc/letsencrypt/live/{{ deploy_domain }}/fullchain.pem"
Tomislav Pesut
@tomca32
Nov 27 2016 17:15
oh all right
John Barker
@j16r
Nov 27 2016 17:18
I think I got it
Tomislav Pesut
@tomca32
Nov 27 2016 17:20
woot
Tomislav Pesut
@tomca32
Nov 27 2016 17:29
do you use a client for Gitter or just the web interface?
John Barker
@j16r
Nov 27 2016 17:40
web
it sucks
Tomislav Pesut
@tomca32
Nov 27 2016 17:40
yeah that's why I'm asking
John Barker
@j16r
Nov 27 2016 17:41
hmm, did you have to put something on the server for letsencrypt
is there a native client?
Tomislav Pesut
@tomca32
Nov 27 2016 17:42
just installing the native client....has a great install screen
Screen Shot 2016-11-27 at 12.41.29 PM.png
put something on server...hmm don't remember. I wouldn't think so
John Barker
@j16r
Nov 27 2016 17:42
I bet it's just a wrapper arund a webview
Tomislav Pesut
@tomca32
Nov 27 2016 17:42
what's the issue you're getting
oh yeah almost certainly
still I like to have it in a separate application. I kill tabs all the time
and then an hour later realize that I killed chat with you
John Barker
@j16r
Nov 27 2016 17:43
yeah ;)
I might give it a try
the web interface is pretty clunky
Tomislav Pesut
@tomca32
Nov 27 2016 17:43
yup it’s a webview
still better than tab
oh staging is up
so what’s the problem you were just dealing with?
John Barker
@j16r
Nov 27 2016 17:46
Tomislav Pesut
@tomca32
Nov 27 2016 17:47
I think certbot does that
Tomislav Pesut
@tomca32
Nov 27 2016 17:48
cool
so staging now also has a volume yeah?
and is it running on postgres?
John Barker
@j16r
Nov 27 2016 17:49
ok just checking the volume is setup all right, then can I ask you to try a prod deploy on a new host?
you'll need to edit production inventory
yeah it's running postgres and has no data ;)
but I don't think it's using my pg_hba.conf
Tomislav Pesut
@tomca32
Nov 27 2016 17:50
all right
I can deploy to the new prod but I don’t think we can switch the domain
John Barker
@j16r
Nov 27 2016 17:51
oh, why is that?
Tomislav Pesut
@tomca32
Nov 27 2016 17:52
I need to double check with Rebecca to see if the field test is finished
Didn’t want to update prod until they are done
John Barker
@j16r
Nov 27 2016 17:53
ahh, fair
Tomislav Pesut
@tomca32
Nov 27 2016 17:54
The issue I also have with updating prod, is that we don’t directly control the tablet. Meaning if we release something that screws up the tablet, we can’t update the tablet at the moment
Once we release the app in play store, we can just tell them to update the tablet app. But right now there is no way to ship them the updated app version
John Barker
@j16r
Nov 27 2016 17:56
using ansible so much lately, tempted to write my own deployment tool, so much i dislike about this tool
Tomislav Pesut
@tomca32
Nov 27 2016 17:56
oh interesting
what are your biggest problems?
John Barker
@j16r
Nov 27 2016 17:59
too many ways to declare variables, precedence ordering is inconvenient, syntax is a bit muddled between different requirements, it's slow and inefficient, the output is way too noisy, encourages use of way too many small files, context as a way to define how a statement works is ultimately a little confusing, its hard to order and prioritize things in a good way
Tomislav Pesut
@tomca32
Nov 27 2016 18:00
that’s a fair critique
have you used capistrano?
John Barker
@j16r
Nov 27 2016 18:01
a little
Tomislav Pesut
@tomca32
Nov 27 2016 18:01
I’ve also heard people praise https://github.com/mina-deploy/mina but I’ve never tried it
did you like cap?
I haven’t used anything but ansible that’s why I’m asking
John Barker
@j16r
Nov 27 2016 18:05
didn't use cap much to form an opinion
it's a really hard problem, ultimately most deploys have such varying requirements you almost need a general purpose programming language
John Barker
@j16r
Nov 27 2016 18:16
well, I'm going to leave the PR at that
take a look
I'm almost tempted to just rip out the geerlingguy.postgresql role because it makes things more complicated, it's a bit twisty, but take a look for me and see what you think
Tomislav Pesut
@tomca32
Nov 27 2016 18:17
oh great!
will take a look…so just the prod is not configured
right?
John Barker
@j16r
Nov 27 2016 18:18
yup, I don't have the pass ;)
Tomislav Pesut
@tomca32
Nov 27 2016 18:18
oh I can share that
John Barker
@j16r
Nov 27 2016 18:19
well I'd want to double check it before doing the change
Tomislav Pesut
@tomca32
Nov 27 2016 18:19
btw is rubygems working fine for you? can you gem install something?
fair enough
thanks for investing your weekend into this
I’ll take a look, probably ask you a bunch of questions
Tomislav Pesut
@tomca32
Nov 27 2016 18:24
just having some issues with ruby gems and ssl
John Barker
@j16r
Nov 27 2016 18:30
all right, I'm out, ttyl
Tomislav Pesut
@tomca32
Nov 27 2016 18:30
thank you very much
hey you still here?